Your message dated Tue, 06 Sep 2016 01:19:40 +0000 with message-id <e1bh536-0003fg...@franck.debian.org> and subject line Bug#836714: fixed in charybdis 3.5.3-1 has caused the Debian Bug report #836714, regarding certificate spoofing via crafted SASL messages to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 836714: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836714 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: inspircd Version: 2.0.5-1+deb7u2 Severity: critical Tags: security inspircd published 2.0.23 that fixes an issue with SASL authentication. The details are here: http://www.inspircd.org/2016/09/03/v2023-released.html All versions are affected. Upstream hasn't requested a CVE yet. I will contact oss-security to make sure that happens. It seems to also affect Charybdis, which fixed the issue in the upcoming 3.5.3 release: https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824 I will take care of the 3.5.3 upload or backporting those patches to 3.5.2 and 3.4 (if relevant) as soon as I can. -- System Information: Debian Release: 8.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable'), (1, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.6.0-0.bpo.1-amd64 (SMP w/2 CPU cores) Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---Source: charybdis Source-Version: 3.5.3-1 We believe that the bug you reported is fixed in the latest version of charybdis, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 836...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Antoine Beaupré <anar...@debian.org> (supplier of updated charybdis package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 05 Sep 2016 18:16:17 -0400 Source: charybdis Binary: charybdis charybdis-dbg Architecture: source amd64 Version: 3.5.3-1 Distribution: unstable Urgency: high Maintainer: Antoine Beaupré <anar...@debian.org> Changed-By: Antoine Beaupré <anar...@debian.org> Description: charybdis - fast, scalable irc server charybdis-dbg - fast, scalable irc server Closes: 836714 Changes: charybdis (3.5.3-1) unstable; urgency=high . * new upstream release * fix security issue "certificate fingerprint spoofing through crafted SASL messages", CVE-2016-7143 (Closes: #836714) * drop patch null-deref-fix.patch, factored in upstream * ignore alpha/beta/RC releases upstream, we want to follow the stable stuff Checksums-Sha1: b804ea3d323967426ca78063e1697a95c8335360 2056 charybdis_3.5.3-1.dsc 08e96086f8b43d83bb3661981a288f066d79d3f3 1555846 charybdis_3.5.3.orig.tar.bz2 eb1c1b1080c3da02d7b4064cdff32af05b128703 12700 charybdis_3.5.3-1.debian.tar.xz 543b31809864a7477f5bfd545b7f60cc5cec21c4 2139832 charybdis-dbg_3.5.3-1_amd64.deb f0e3bb2d0d51eefc007ee6e45f7714c1fa7fb443 570802 charybdis_3.5.3-1_amd64.deb Checksums-Sha256: 669d15c41ffb40e666b05ba3d75ec8798c9e102e76e8293f99aafd397af4ae56 2056 charybdis_3.5.3-1.dsc 9fb928524acbadeabedef56b0b6446c2d6de365382e256f5c21170c75390e16b 1555846 charybdis_3.5.3.orig.tar.bz2 e3e7c9a7d1e9562b5f3c0d511f00418ac4aec6ac6ea1d71364599473cf608eef 12700 charybdis_3.5.3-1.debian.tar.xz 5c8a26cb3a7eaad0b186ab8e4c4f9b26821aea1a33a89e7743ee6450f9304898 2139832 charybdis-dbg_3.5.3-1_amd64.deb 9d701c64f856a296da80989973c993fe465fd656ba1bad22aa5ae810502f5ffc 570802 charybdis_3.5.3-1_amd64.deb Files: e01361579dd3371bc13971fcc3e5c55b 2056 net optional charybdis_3.5.3-1.dsc 77b6d03fd5f155ce048de37482bdb72a 1555846 net optional charybdis_3.5.3.orig.tar.bz2 744f1a93459569af16d5aee7a8944a17 12700 net optional charybdis_3.5.3-1.debian.tar.xz 1b06b516f372a533ea6af7bc4a545521 2139832 debug extra charybdis-dbg_3.5.3-1_amd64.deb 87c1a651f65aa0f0c0e4ca4c29ddbfab 570802 net optional charybdis_3.5.3-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXzhcvAAoJEHkhUlJ7dZIeHqcQAKT9dmiS7b2Pq/iwwCPjDxwu UsZyYbbBJbrmbKoYE6wEcppzOGDe3LskY7ZT5ty++0cGSTdIoF1LTkY9xfRe0lv1 Scit6jUa9WvDoPtdLan7XnjVbKqCNkgHtEcEuh7X0QG5YbBZEzW8fJMD6e9XOip7 g6tR7o7BuEPN5/WyypV2TgLok3/uLL81bjuBfWW7hqwsaCeo/k6TLO2ERtI3heDu 3D9cG1Cz28owrtdZbfrqMtnucUMigKZIoS1WOv3b/72a4f8r4MwDGUZmKkiQxKXe 7Xf+1PehWSKj+LGXw6yZfLaRjBMnAnyOS6lzmS/tqvbil3qMnJVW5EJrBXsLHcQl kB9gaxPLFkWtMKXztlRj0jtQpkk0vmGoBvkIOd/CxXPEcKfWYg3yFcB+rZHEfGrg ktX1XoYUxWyBe/5dqWsD08abxtTD0jiDs/oMhokmz5vWk7Yya9l45N0eXiJtIEfO iY2L5S2gzS46fue3iXmO5kYhqZhZWb0taOsDo0Q3W3V2CW8a+JbccPMdzT7WGzEz L/MJ+MA3ujB96y8a9Gp1OtpqHm9C+X8v4Saa+Q8lZX5R7rAStNGwW21BpJwHbYR1 3AFPP0EIevqGgKKOMgqFmz2oDekDWSsfT+WaIarnftphVvhm1mjFEzWSLdvXKuC3 V4c2KLv1mbgNu7wbYYJ+ =xG4t -----END PGP SIGNATURE-----
--- End Message ---
